oases-ocli@0.1.31

Local desktop runtime for Oases Chat project mode.

Static Scan Results

scanned 4h ago · by rust-scanner

Static analysis flagged 9 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.

Static reason
One or more suspicious static signals were detected.

Decision evidence

public snapshot
Behavioral surface
Source: ChildProcess, Crypto, EnvironmentVars, Filesystem, Network, Shell
Supply chain: HighEntropyStrings, UrlStrings
Manifest: No manifest risk signals triggered.
scanned 19 file(s), 628 KB of source, external domains: 127.0.0.1, appstoreprice.org, html.duckduckgo.com, www.oasesai.xyz, www.w3.org

Source & flagged code

2 flagged
src/terminalUi.js
L48: function isExplicitAnsiWindowsTerminal(env = process.env) {
L49: return Boolean(
...
L57:
L58: export function supportsInteractiveUi(stream = process.stdout, env = process.env, platform = process.platform) {
L59: if (env.OCLI_ANIMATED_UI === "1") return Boolean(stream.isTTY && env.CI !== "true" && env.TERM !== "dumb");
...
L173: function plainStartupLog({ port, workspace, token, version, runtimeSource }) {
L174: console.log(`ocli ${version} (${runtimeSource}) listening on http://127.0.0.1:${port}`);
L175: console.log(`workspace: ${workspace}`);
...
L212: let openTimer;
L213: const write = (chunk) => process.stdout.write(chunk);
L214: const draw = () => {
High
Sandbox Evasion Gated Capability

Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.

src/terminalUi.js · L47
OcliSkills/twitter-downloader/scripts/summarize_tweet.py
path = OcliSkills/twitter-downloader/scripts/summarize_tweet.py
kind = build_helper
sizeBytes = 1250
magicHex = [redacted]
Medium
Ships Build Helper

Package ships non-JavaScript build or shell helper files.

OcliSkills/twitter-downloader/scripts/summarize_tweet.py

Findings

1 High · 4 Medium · 4 Low
High · Sandbox Evasion Gated Capability · src/terminalUi.js
Medium · Network
Medium · Environment Vars
Medium · Ships Build Helper · OcliSkills/twitter-downloader/scripts/summarize_tweet.py
Medium · Structural Risk Force Deep Review
Low · Scripts Present
Low · Filesystem
Low · High Entropy Strings
Low · Url Strings